[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <aOP2DUj67yB0afUt@earth.li>
Date: Mon, 6 Oct 2025 18:02:05 +0100
From: Jonathan McDowell <noodles@...th.li>
To: Jarkko Sakkinen <jarkko@...nel.org>
Cc: James Bottomley <James.Bottomley@...senpartnership.com>,
Linus Torvalds <torvalds@...ux-foundation.org>,
Peter Huewe <peterhuewe@....de>, Jason Gunthorpe <jgg@...pe.ca>,
David Howells <dhowells@...hat.com>, keyrings@...r.kernel.org,
linux-integrity@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [GIT PULL] TPM DEVICE DRIVER: tpmdd-next-v6.18
On Mon, Oct 06, 2025 at 07:51:46PM +0300, Jarkko Sakkinen wrote:
> My main issue preventing sending a new pull request is that weird list
> of core TPM2 features that is claimed "not to be required" with zero
> references. Especially it is contraditory claim that TPM2_CreatePrimary
> would be optional feature as the whole chip standard is based on three
> random seeds from which primary keys are templated and used as root
> keys for other keys.
My understanding here is that the main specification about what's
"required" for TPMs to implement is from the PC Client Platform TPM
Profile. There's no specific server PTP (though there is talk about
creating one), so _most_ vendors just implement the PC Client PTP. It
doesn't mean a TPM that doesn't do so isn't TPM compliant, just not PC
Client PTP compliant.
Google have taken the approach in their Titan based TPM implementation
to avoid implementing features they don't need, to reduce attack
surface.
I'm not aware of anyone else who has done this.
J.
--
... You non-conformists are all alike.
Powered by blists - more mailing lists